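/**
 * Choose the post-login destination for a user.
 *
 * Admins go to the dashboard, URLs containing "checkout" are kept, active members keep
 * their requested destination, and everyone else is sent to the membership levels page.
 * The result is passed through the `pmpro_login_redirect_url` filter.
 *
 * @param string $redirect_to Destination proposed so far.
 * @param string $request     Destination originally requested (only forwarded to the filter).
 * @param object $user        Result of the login attempt; treated as logged in when it has an ID.
 *
 * @return string Filtered redirect URL.
 */
function pmpro_login_redirect($redirect_to, $request, $user)
{
    global $wpdb;

    // Without a user ID this is just the login form being rendered: keep what was given.
    if (!empty($user->ID)) {
        if (pmpro_isAdmin($user->ID)) {
            // Admins go to the dashboard.
            $redirect_to = get_bloginfo("url") . "/wp-admin/";
        } elseif (strpos($redirect_to, "checkout") !== false) {
            // A URL containing the word "checkout" is left alone.
            // NOTE(review): this is a substring match on the whole URL, so any destination that
            // merely contains "checkout" skips the membership check below.
        } else {
            // Bind the user ID as an integer placeholder instead of concatenating it into the SQL.
            $membership_id = $wpdb->get_var(
                $wpdb->prepare(
                    "SELECT membership_id FROM {$wpdb->pmpro_memberships_users} WHERE status = 'active' AND user_id = %d LIMIT 1",
                    $user->ID
                )
            );
            if (!$membership_id) {
                // Not a member: send to the subscription page.
                $redirect_to = pmpro_url("levels");
            }
            // Active members continue to wherever they were going.
        }
    }

    // Strip https when only the login is forced over SSL and the admin area is not.
    // NOTE(review): str_replace() rewrites every "https:" in the string, including any that
    // appear inside a query-string value, and it deliberately downgrades the destination.
    if (force_ssl_login() && !force_ssl_admin()) {
        $redirect_to = str_replace("https:", "http:", $redirect_to);
    }

    return apply_filters("pmpro_login_redirect_url", $redirect_to, $request, $user);
}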
Example #2
/**
 * Report whether the plugin's HTTPS enforcement is switched on.
 *
 * All of these must hold: admin SSL is forced, the 'fx-ssl' option is truthy, and both the
 * 'home' and 'siteurl' options pass fx_ssl_is_https().
 *
 * @since 0.1.0
 *
 * @return bool
 */
function fx_ssl_active()
{
    // Guard clauses keep the original short-circuit order of the checks.
    if (!force_ssl_admin()) {
        return false;
    }
    if (!get_option('fx-ssl', false)) {
        return false;
    }
    foreach (array('home', 'siteurl') as $url_option) {
        if (!fx_ssl_is_https(get_option($url_option))) {
            return false;
        }
    }
    return true;
}
Example #3
File: p2.php Project: alx/pressmark
 /**
  * Theme start-up: loads translations, registers a content filter, hands AJAX requests to
  * P2Ajax, and installs URL/SSL filters for media-upload requests.
  */
 function init()
 {
     load_theme_textdomain('p2', get_template_directory() . '/languages');
     add_filter('the_content', 'make_clickable');
     // NOTE(review): this dispatch runs before the is_site_admin() check below, so every request
     // carrying `p2ajax` reaches P2Ajax::dispatch(). Authentication, capability and nonce checks
     // presumably live inside the dispatcher - confirm in ajax.php.
     if (isset($_REQUEST['p2ajax'])) {
         require_once P2_INC_PATH . '/ajax.php';
         P2Ajax::dispatch();
         die;
     }
     // When is_site_admin() exists, everything below applies to site admins only.
     if (function_exists('is_site_admin') && !is_site_admin()) {
         return;
     }
     // Only the presence of the request parameter is tested; its value is never read here.
     $is_media_upload = isset($_REQUEST['p2-upload']);
     // don't redirect to https version when uploading files, since the domain may be different
     // and we don't have SSL certificates for blog domain, only for admin
     if ($is_media_upload && isset($GLOBALS['pagenow']) && 'media-upload.php' == $GLOBALS['pagenow']) {
         // Make the forced-admin-SSL flag follow the scheme of the current request.
         force_ssl_admin(is_ssl());
         // returner() is a project helper; presumably it builds a callback returning its argument.
         add_filter('get_user_option_use_ssl', returner(false));
     }
     if ($is_media_upload) {
         add_filter('flash_uploader', returner(false));
         // NOTE(review): presumably lets the uploader authenticate with the 'logged_in' cookie
         // instead of the admin auth cookie - confirm that this relaxation is intended.
         add_filter('auth_redirect_scheme', returner('logged_in'));
         add_filter('admin_url', array('P2', 'url_filter'));
         add_filter('includes_url', array('P2', 'url_filter'));
         add_filter('script_loader_src', array('P2', 'url_filter'));
         // lambda() is a project helper that receives code as strings; both bodies below are
         // literals, so no request data reaches it from this method.
         add_filter('wp_get_attachment_url', lambda('$url', 'str_replace(get_bloginfo("url")."/", site_url("/"), $url);'), 11);
         add_filter('media_upload_form_url', lambda('$url', 'add_query_arg( array( "p2-upload" => "true" ), $url );'));
     }
 }
Example #4
 /**
  * Verifies the scheme of bp_core_ajax_url() with admin SSL off and on, for front-end and
  * dashboard requests, and on multisite with a root blog other than the default.
  */
 function test_bp_core_ajax_url()
 {
     // Remember the current force_ssl_admin() state so it can be restored below.
     // NOTE(review): the restore is not in a finally/tearDown, so a failing assertion leaves the
     // flag changed for later tests; $_SERVER['HTTPS'] set below is not restored by this method.
     $forced = force_ssl_admin();
     // (1) HTTPS off
     force_ssl_admin(false);
     $_SERVER['HTTPS'] = 'off';
     // (1a) Front-end
     $this->go_to('/');
     // These assertions pass (actual, expected), the reverse of PHPUnit's parameter order;
     // that only affects how a failure is reported.
     $this->assertEquals(bp_core_ajax_url(), get_site_url(bp_get_root_blog_id(), '/wp-admin/admin-ajax.php', 'http'));
     // (1b) Dashboard
     $this->go_to('/wp-admin');
     $this->assertEquals(bp_core_ajax_url(), get_site_url(bp_get_root_blog_id(), '/wp-admin/admin-ajax.php', 'http'));
     // (2) FORCE_SSL_ADMIN
     force_ssl_admin(true);
     // (2a) Front-end: still expected over http, because only the admin area is forced to SSL
     $this->go_to('/');
     $this->assertEquals(bp_core_ajax_url(), get_site_url(bp_get_root_blog_id(), '/wp-admin/admin-ajax.php', 'http'));
     // (2b) Dashboard: the only case where https is expected
     $this->go_to('/wp-admin');
     $this->assertEquals(bp_core_ajax_url(), get_site_url(bp_get_root_blog_id(), '/wp-admin/admin-ajax.php', 'https'));
     force_ssl_admin($forced);
     // (3) Multisite, root blog other than 1
     if (is_multisite()) {
         $original_root_blog = bp_get_root_blog_id();
         // rand() . time() only makes the blog path unique for the fixture.
         $blog_id = $this->factory->blog->create(array('path' => '/path' . rand() . time() . '/'));
         buddypress()->root_blog_id = $blog_id;
         $blog_url = get_blog_option($blog_id, 'siteurl');
         $this->go_to(trailingslashit($blog_url));
         // The root blog is put back before the URL is computed and before asserting.
         buddypress()->root_blog_id = $original_root_blog;
         $ajax_url = bp_core_ajax_url();
         $this->go_to('/');
         $this->assertEquals($blog_url . '/wp-admin/admin-ajax.php', $ajax_url);
     }
 }
Example #5
    /**
     * Render the "Redirect all pages to HTTPS" checkbox on the settings page.
     *
     * The checkbox is enabled only when the current request is HTTPS, admin SSL is forced and
     * both the 'home' and 'siteurl' options pass fx_ssl_is_https(); otherwise it is rendered
     * disabled and unchecked regardless of the stored option.
     *
     * @since 0.1.0
     */
    public function settings_field_ssl()
    {
        /* Check if feature is supported. */
        if (is_ssl() && force_ssl_admin() && fx_ssl_is_https(get_option('home')) && fx_ssl_is_https(get_option('siteurl'))) {
            $disabled = '';
            $option = get_option($this->option_name, false);
        } else {
            $disabled = ' disabled=disabled';
            $option = false;
            // always false if requirement not met.
        }
        ?>
		<label for="fx_ssl_enable">
			<input type="checkbox" value="1" id="fx_ssl_enable" name="<?php 
        // The option name is escaped for use inside an HTML attribute.
        echo esc_attr($this->option_name);
        ?>
" <?php 
        checked($option);
        // $disabled is one of the two string literals assigned above, so it is echoed as-is.
        echo $disabled;
        ?>
> <?php 
        _ex('Redirect all pages to HTTPS', 'settings page', 'fx-ssl');
        ?>
</label>
	<?php 
    }
Example #6
/**
 * Handle a front-end login form submission.
 *
 * Signs the user in with the credentials WordPress reads from the request, then redirects:
 * users with `manage_options` go to the admin area, everyone else to the filtered
 * `redirect_to` target. On failure the WP_Error from wp_signon() is returned.
 *
 * @return WP_Error|void Only returns when the login failed; a successful login exits.
 */
function jr_process_login_form()
{
    global $posted;

    // Default to the admin area when the request names no destination.
    $redirect_to = isset($_REQUEST['redirect_to']) ? $_REQUEST['redirect_to'] : admin_url();

    // Legacy "SSL for login only" case: on an HTTPS login with a plain-http destination the
    // cookie is explicitly not marked secure; '' leaves the decision to wp_signon().
    // NOTE(review): a non-secure auth cookie can travel over plain HTTP afterwards.
    $login_only_ssl = is_ssl()
        && force_ssl_login()
        && !force_ssl_admin()
        && 0 !== strpos($redirect_to, 'https')
        && 0 === strpos($redirect_to, 'http');
    $secure_cookie = $login_only_ssl ? false : '';

    $user = wp_signon('', $secure_cookie);

    $requested = isset($_REQUEST['redirect_to']) ? $_REQUEST['redirect_to'] : '';
    $redirect_to = apply_filters('login_redirect', $redirect_to, $requested, $user);

    if (is_wp_error($user)) {
        $errors = $user;
        return $errors;
    }

    if (user_can($user, 'manage_options')) {
        $redirect_to = admin_url();
    }
    // The destination comes from the request; wp_safe_redirect() is what keeps it on allowed hosts.
    wp_safe_redirect($redirect_to);
    exit;
}
/**
 * Handle a front-end login form submission.
 *
 * On success, users with `manage_options` are sent to the admin options page and everyone
 * else to the filtered `redirect_to` target; on failure the WP_Error is returned.
 *
 * @return WP_Error|void Only returns when the login failed; a successful login exits.
 */
function app_process_login_form()
{
    global $posted;

    if (isset($_REQUEST['redirect_to'])) {
        $redirect_to = $_REQUEST['redirect_to'];
    } else {
        $redirect_to = admin_url();
    }

    // '' lets wp_signon() decide; false is used only for the legacy login-only-SSL setup with a
    // plain-http destination.
    // NOTE(review): in that case the auth cookie is issued without the secure flag.
    $secure_cookie = '';
    if (is_ssl() && force_ssl_login() && !force_ssl_admin()) {
        $targets_plain_http = 0 !== strpos($redirect_to, 'https') && 0 === strpos($redirect_to, 'http');
        if ($targets_plain_http) {
            $secure_cookie = false;
        }
    }

    $user = wp_signon('', $secure_cookie);
    $redirect_to = apply_filters(
        'login_redirect',
        $redirect_to,
        isset($_REQUEST['redirect_to']) ? $_REQUEST['redirect_to'] : '',
        $user
    );

    if (is_wp_error($user)) {
        $errors = $user;
        return $errors;
    }

    // Admins are sent straight to the WP back-end; everyone else to the requested URL.
    if (user_can($user, 'manage_options')) {
        $redirect_to = admin_url('admin.php?page=admin-options.php');
    }
    // The destination is request-supplied; wp_safe_redirect() is the host check here.
    wp_safe_redirect($redirect_to);
    exit;
}
Example #8
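 /**
  * Sets the URL to https or http, depending on availability and related WP config settings/APIs.
  *
  * https is chosen when any of force_ssl_admin(), force_ssl_login(), force_ssl_content() or
  * is_ssl() reports true (each only if the function exists), or when the current WordPress
  * user has the `use_ssl` preference set.
  *
  * @since 4.2
  *
  * @param string $url
  *
  * @return string
  */
 public function set_url_scheme($url)
 {
     $use_https = (function_exists('force_ssl_admin') && force_ssl_admin())
         || (function_exists('force_ssl_login') && force_ssl_login())
         || (function_exists('force_ssl_content') && force_ssl_content())
         || (function_exists('is_ssl') && is_ssl());

     if (!$use_https && function_exists('wp_get_current_user')) {
         // PHP's built-in get_current_user() returns the name of the script owner as a string,
         // so the use_ssl check could never succeed; the WordPress user object is what carries
         // the per-user preference.
         $current_user = wp_get_current_user();
         $use_https = !empty($current_user->use_ssl);
     }

     return set_url_scheme($url, $use_https ? 'https' : 'http');
 }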
Example #9
/**
 * One-time redirect to the plugin settings page right after installation.
 *
 * Does nothing unless the `wc_yotpo_just_installed` option is set; the option is deleted
 * before redirecting so the redirect happens once.
 */
function wc_yotpo_redirect()
{
    if (!get_option('wc_yotpo_just_installed', false)) {
        return;
    }
    delete_option('wc_yotpo_just_installed');

    // Match the settings URL scheme to the SSL state of the request / site configuration.
    $use_https = is_ssl() || force_ssl_admin() || force_ssl_login();
    $settings_url = admin_url('admin.php?page=woocommerce-yotpo-settings-page');
    if ($use_https) {
        $settings_url = str_replace('http:', 'https:', $settings_url);
    } else {
        // NOTE(review): this branch downgrades an https admin URL to http.
        $settings_url = str_replace('https:', 'http:', $settings_url);
    }

    wp_redirect($settings_url);
    exit;
}
Example #10
/**
 * Redirect the current request to its https:// equivalent when admin SSL is forced.
 */
function always_https_redirect()
{
    // Nothing to do unless FORCE_SSL_ADMIN is on and this request arrived without HTTPS.
    if (!force_ssl_admin() || is_ssl()) {
        return;
    }

    // NOTE(review): the host comes from the request's Host header and goes to wp_redirect(),
    // which does not restrict the destination host. Prefer the configured site host, or
    // wp_safe_redirect(), if the web server does not already pin the Host header.
    $https_url = "https://" . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI'];
    wp_redirect($https_url);
    exit;
}
Example #11
/**
 * Runs only when the plugin is activated.
 *
 * Stores a short-lived (5 second) `fx_ssl_notice` transient: 'fail' when the HTTPS
 * requirements are not met, otherwise 'success', replaced by 'active' when the 'fx-ssl'
 * option is already enabled.
 *
 * @since 0.1.0
 */
function fx_ssl_activation()
{
    $requirements_met = is_ssl()
        && force_ssl_admin()
        && fx_ssl_is_https(get_bloginfo('url'))
        && fx_ssl_is_https(get_bloginfo('wpurl'));

    if (!$requirements_met) {
        set_transient('fx_ssl_notice', 'fail', 5);
        return;
    }

    set_transient('fx_ssl_notice', 'success', 5);
    if (get_option('fx-ssl', false)) {
        // Overwrites the 'success' value written just above.
        set_transient('fx_ssl_notice', 'active', 5);
    }
}
Example #12
 /**
  * Redirects to the HTTPS version of the current request when admin SSL is forced and the
  * request did not arrive over HTTPS.
  */
 protected function force_ssl()
 {
     if (!force_ssl_admin() || is_ssl()) {
         return;
     }

     $request_uri = $_SERVER['REQUEST_URI'];
     if (0 === strpos($request_uri, 'http')) {
         // REQUEST_URI already holds an absolute URL: only swap the scheme.
         $target = preg_replace('|^http://|', 'https://', $request_uri);
     } else {
         // NOTE(review): the host is taken from the request's Host header and wp_redirect()
         // does not validate the destination host.
         $target = 'https://' . $_SERVER['HTTP_HOST'] . $request_uri;
     }

     wp_redirect($target);
     die;
 }
Example #13
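/**
 * Process ajax login
 *
 * Verifies the AJAX nonce, signs the user in with the submitted credentials and prints the
 * outcome as JSON, wrapped in the `callback` function name when a syntactically valid one is
 * supplied (JSONP). Always terminates the request.
 *
 * @access public
 * @return void
 */
function woocommerce_sidebar_login_ajax_process()
{
    check_ajax_referer('woocommerce-sidebar-login-action', 'security');

    // Get post data; missing fields become empty strings instead of raising notices.
    // NOTE(review): esc_attr() is an output-escaping helper. Applied to the password it alters
    // values containing &, <, >, " or ' before authentication. Left as-is because accounts may
    // have been created through the same transformation - confirm, then pass the raw value.
    $creds = array();
    $creds['user_login'] = isset($_REQUEST['user_login']) ? esc_attr($_REQUEST['user_login']) : '';
    $creds['user_password'] = isset($_REQUEST['user_password']) ? esc_attr($_REQUEST['user_password']) : '';
    $creds['remember'] = 'forever';
    $redirect_to = isset($_REQUEST['redirect_to']) ? esc_attr($_REQUEST['redirect_to']) : '';

    // Check for Secure Cookie
    $secure_cookie = '';

    // If the user wants ssl but the session is not ssl, force a secure cookie.
    if (!force_ssl_admin()) {
        $user_name = sanitize_user($creds['user_login']);
        if ($user = get_user_by('login', $user_name)) {
            if (get_user_option('use_ssl', $user->ID)) {
                $secure_cookie = true;
                force_ssl_admin(true);
            }
        }
    }
    if (force_ssl_admin()) {
        $secure_cookie = true;
    }
    if ($secure_cookie == '' && force_ssl_login()) {
        $secure_cookie = false;
    }

    // Login
    $user = wp_signon($creds, $secure_cookie);

    // Redirect filter
    if ($secure_cookie && strstr($redirect_to, 'wp-admin')) {
        $redirect_to = str_replace('http:', 'https:', $redirect_to);
    }

    // Result
    // NOTE(review): `redirect` is request-supplied and is returned unchecked for the client to
    // follow; validating it (for example with wp_validate_redirect()) would keep it on-site.
    $result = array();
    if (!is_wp_error($user)) {
        $result['success'] = 1;
        $result['redirect'] = $redirect_to;
    } else {
        $result['success'] = 0;
        if ($user->errors) {
            foreach ($user->errors as $error) {
                $result['error'] = $error[0];
                break;
            }
        } else {
            $result['error'] = __('Please enter your username and password to login.', 'woocommerce');
        }
    }

    header('content-type: application/json; charset=utf-8');

    // The callback name is echoed into an executable response, so it is accepted only when it
    // is a plain (optionally dotted) JavaScript identifier; anything else gets bare JSON.
    $callback = (isset($_GET['callback']) && is_string($_GET['callback'])) ? $_GET['callback'] : '';
    if (preg_match('/^[A-Za-z_$][A-Za-z0-9_$]*(?:\.[A-Za-z_$][A-Za-z0-9_$]*)*\z/', $callback)) {
        echo $callback . '(' . json_encode($result) . ')';
    } else {
        echo json_encode($result);
    }
    die;
}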
Example #14
/**
 * Build the absolute URL of the current request and return it through esc_url_raw().
 *
 * The scheme follows force_ssl_admin(), not the scheme of the request itself; host and path
 * are taken from $_SERVER (the Host header and request line).
 *
 * @access public
 * @param string $url (default: '') Pass "nologout" to skip the `_login` handling.
 * @return string
 */
function ft_current_url($url = '')
{
    $pageURL = force_ssl_admin() ? 'https://' : 'http://';
    // NOTE(review): esc_attr() is HTML-attribute escaping applied to URL parts here; the value
    // is finally cleaned by esc_url_raw() below.
    $pageURL .= esc_attr($_SERVER['HTTP_HOST']);
    $pageURL .= esc_attr($_SERVER['REQUEST_URI']);
    if ($url != "nologout") {
        // NOTE(review): the next line is truncated/masked in this listing (the '******' run), so
        // the `_login` handling cannot be reviewed and the block does not parse as shown.
        if (!strpos($pageURL, '_login='******'_login', $rand_string, $pageURL);
        }
    }
    return esc_url_raw($pageURL);
}
Example #15
 /**
  * Requires a valid auth cookie for the current request.
  *
  * Redirects wp-admin requests to HTTPS when required, returns when the auth cookie validates,
  * and otherwise redirects to the OpenSSO login page (when OPENSSO_ENABLED) or to the
  * WordPress login URL. Every redirect path terminates the request.
  */
 function auth_redirect()
 {
     // Checks if a user is logged in, if not redirects them to the login page
     if (is_ssl() || force_ssl_admin()) {
         $secure = true;
     } else {
         $secure = false;
     }
     // If https is required and request is http, redirect
     if ($secure && !is_ssl() && false !== strpos($_SERVER['REQUEST_URI'], 'wp-admin')) {
         if (0 === strpos($_SERVER['REQUEST_URI'], 'http')) {
             wp_redirect(preg_replace('|^http://|', 'https://', $_SERVER['REQUEST_URI']));
             exit;
         } else {
             // NOTE(review): the host is taken from the request's Host header and wp_redirect()
             // does not validate the destination host; the same pattern recurs below.
             wp_redirect('https://' . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI']);
             exit;
         }
     }
     if ($user_id = wp_validate_auth_cookie()) {
         do_action('auth_redirect', $user_id);
         // If the user wants ssl but the session is not ssl, redirect.
         if (!$secure && get_user_option('use_ssl', $user_id) && false !== strpos($_SERVER['REQUEST_URI'], 'wp-admin')) {
             if (0 === strpos($_SERVER['REQUEST_URI'], 'http')) {
                 wp_redirect(preg_replace('|^http://|', 'https://', $_SERVER['REQUEST_URI']));
                 exit;
             } else {
                 wp_redirect('https://' . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI']);
                 exit;
             }
         }
         return;
         // The cookie is good so we're done
     }
     // The cookie is no good so force login
     nocache_headers();
     if (OPENSSO_ENABLED) {
         // Redirect to OpenSSO login page then return here
         // The return URL is URL-encoded into the `goto` parameter; opensso_full_url() is defined
         // elsewhere - presumably it also builds on the request host, confirm.
         $login_url = OPENSSO_BASE_URL . '?goto=' . urlencode(opensso_full_url());
     } else {
         if (is_ssl()) {
             $proto = 'https://';
         } else {
             $proto = 'http://';
         }
         // strpos() yields 0 (falsy) when '/options.php' sits at offset 0, so the referer is used
         // only when that path occurs later in REQUEST_URI and a referer is available.
         $redirect = strpos($_SERVER['REQUEST_URI'], '/options.php') && wp_get_referer() ? wp_get_referer() : $proto . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI'];
         $login_url = wp_login_url($redirect);
     }
     wp_redirect($login_url);
     exit;
 }
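/**
 * Process ajax login.
 *
 * Verifies the AJAX nonce, signs the user in with the posted credentials and prints a JSON
 * object with `success` plus either `redirect` or `error`. Always terminates the request.
 *
 * @return void
 */
function woocommerce_sidebar_login_ajax_process()
{
    check_ajax_referer('woocommerce-sidebar-login-action', 'security');

    // Get post data; missing fields become empty strings instead of raising notices.
    // NOTE(review): esc_attr() is an output-escaping helper. Applied to the password it alters
    // values containing &, <, >, " or ' before authentication - confirm how accounts are
    // created before switching to the raw value.
    $creds = array();
    $creds['user_login'] = isset($_POST['user_login']) ? esc_attr($_POST['user_login']) : '';
    $creds['user_password'] = isset($_POST['user_password']) ? esc_attr($_POST['user_password']) : '';
    $creds['remember'] = 'forever';
    $redirect_to = isset($_POST['redirect_to']) ? esc_attr($_POST['redirect_to']) : '';

    // Check for Secure Cookie
    $secure_cookie = '';

    // If the user wants ssl but the session is not ssl, force a secure cookie.
    // The credentials arrive in `user_login`, while the lookup used to read only the `log`
    // field; `log` is still honoured when present, otherwise the login being authenticated
    // is used so the per-user use_ssl preference is applied.
    $lookup_login = !empty($_POST['log']) ? $_POST['log'] : $creds['user_login'];
    if (!empty($lookup_login) && !force_ssl_admin()) {
        $user_name = sanitize_user($lookup_login);
        if ($user = get_user_by('login', $user_name)) {
            if (get_user_option('use_ssl', $user->ID)) {
                $secure_cookie = true;
                force_ssl_admin(true);
            }
        }
    }

    // Legacy login-only-SSL setup with a plain-http destination: cookie is not marked secure.
    if (!$secure_cookie && is_ssl() && force_ssl_login() && !force_ssl_admin() && 0 !== strpos($redirect_to, 'https') && 0 === strpos($redirect_to, 'http')) {
        $secure_cookie = false;
    }

    // Login
    $user = wp_signon($creds, $secure_cookie);

    // Redirect filter
    if ($secure_cookie && false !== strpos($redirect_to, 'wp-admin')) {
        $redirect_to = preg_replace('|^http://|', 'https://', $redirect_to);
    }

    // Result
    // NOTE(review): `redirect` is request-supplied and is returned unchecked for the client to
    // follow; validating it (for example with wp_validate_redirect()) would keep it on-site.
    $result = array();
    if (!is_wp_error($user)) {
        $result['success'] = 1;
        $result['redirect'] = $redirect_to;
    } else {
        $result['success'] = 0;
        foreach ($user->errors as $error) {
            $result['error'] = $error[0];
            break;
        }
    }

    echo json_encode($result);
    die;
}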
Example #17
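/**
 * Build the query-string link to a file-manager page.
 *
 * Empty arguments fall back to defaults: the action to "list", and order / sort / language to
 * the values held in $GLOBALS. `dir` and `item` are URL-encoded; `order`, `srt` and `lang` are
 * appended as given.
 *
 * @param string      $_action Action name; "list" when empty.
 * @param string|null $_dir    Directory, omitted when empty.
 * @param string|null $_item   Item name, omitted when empty.
 * @param string|null $_order  Sort column; defaults to $GLOBALS["order"].
 * @param string|null $_srt    Sort direction; defaults to $GLOBALS["srt"].
 * @param string|null $_lang   Language; defaults to $GLOBALS["lang"] when set.
 *
 * @return string
 */
function make_link($_action, $_dir, $_item = NULL, $_order = NULL, $_srt = NULL, $_lang = NULL)
{
    // make link to next page
    if ($_action == "" || $_action == NULL) {
        $_action = "list";
    }
    if ($_dir == "") {
        $_dir = NULL;
    }
    if ($_item == "") {
        $_item = NULL;
    }
    if ($_order == NULL) {
        $_order = $GLOBALS["order"];
    }
    if ($_srt == NULL) {
        $_srt = $GLOBALS["srt"];
    }
    if ($_lang == NULL) {
        $_lang = isset($GLOBALS["lang"]) ? $GLOBALS["lang"] : NULL;
    }

    $link = $GLOBALS["script_name"] . "?page=miwoftp&option=com_miwoftp&action=" . $_action;

    // Switch the link to https when admin SSL is forced. The fourth parameter of str_replace()
    // is a by-reference output counter, not a replacement limit, so the former `$temp = 1`
    // argument limited nothing and passed a non-variable by reference; it is dropped.
    if (force_ssl_admin()) {
        $link = str_replace("http://", "https://", $link);
    }

    if ($_dir != NULL) {
        $link .= "&dir=" . urlencode($_dir);
    }
    if ($_item != NULL) {
        $link .= "&item=" . urlencode($_item);
    }
    // NOTE(review): action, order, srt and lang are appended without urlencode(), unlike dir and
    // item. If any of them can carry request data, encode them here and HTML-escape the link
    // where it is printed - verify against the callers.
    if ($_order != NULL) {
        $link .= "&order=" . $_order;
    }
    if ($_srt != NULL) {
        $link .= "&srt=" . $_srt;
    }
    if ($_lang != NULL) {
        $link .= "&lang=" . $_lang;
    }

    return $link;
}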
Example #18
 /**
  * Sign in with the credentials WordPress reads from the request.
  *
  * @param string $username Login name, used only to look up the account's use_ssl preference.
  *
  * @return int|false The user ID on success; false when sign-on fails or `reauth` is requested.
  */
 static function logon($username)
 {
     // '' lets wp_signon() choose the cookie's secure flag unless the user prefers SSL.
     $secure_cookie = '';

     $should_check_preference = !empty($username) && !force_ssl_admin();
     if ($should_check_preference) {
         $account = get_user_by('login', sanitize_user($username));
         if ($account && get_user_option('use_ssl', $account->ID)) {
             $secure_cookie = true;
             force_ssl_admin(true);
         }
     }

     $reauth = !empty($_REQUEST['reauth']);

     // $username is not passed on: wp_signon('') takes the credentials from the request itself.
     $user = wp_signon('', $secure_cookie);
     if (is_wp_error($user) || $reauth) {
         return false;
     }

     return $user->ID;
 }
Example #19
 /**
  * Test helper: simulate a request to $url by resetting request superglobals and selected
  * globals, then building fresh WP_Query / WP objects and running the main query.
  *
  * @param string $url URL to visit; the network home URL prefix is stripped first.
  */
 public function go_to($url)
 {
     $GLOBALS['_SERVER']['REQUEST_URI'] = $url = str_replace(network_home_url(), '', $url);
     // Start from empty GET/POST data.
     $_GET = $_POST = array();
     // Drop page-state globals that an earlier simulated request may have left behind.
     foreach (array('query_string', 'id', 'postdata', 'authordata', 'day', 'currentmonth', 'page', 'pages', 'multipage', 'more', 'numpages', 'pagenow') as $v) {
         if (isset($GLOBALS[$v])) {
             unset($GLOBALS[$v]);
         }
     }
     $parts = parse_url($url);
     if (isset($parts['scheme'])) {
         // Absolute URL: keep only path (+ query) and load the query into $_GET.
         $req = $parts['path'];
         if (isset($parts['query'])) {
             $req .= '?' . $parts['query'];
             parse_str($parts['query'], $_GET);
         }
     } else {
         // Scheme-less URL: used as-is; its query string is not copied into $_GET.
         $req = $url;
     }
     if (!isset($parts['query'])) {
         $parts['query'] = '';
     }
     // Scheme
     // HTTPS is simulated only for /wp-admin paths while admin SSL is forced; for everything
     // else the flag is removed, overriding any value a test set beforehand.
     if (0 === strpos($req, '/wp-admin') && force_ssl_admin()) {
         $_SERVER['HTTPS'] = 'on';
     } else {
         unset($_SERVER['HTTPS']);
     }
     $_SERVER['REQUEST_URI'] = $req;
     unset($_SERVER['PATH_INFO']);
     $this->flush_cache();
     unset($GLOBALS['wp_query'], $GLOBALS['wp_the_query']);
     $GLOBALS['wp_the_query'] = new WP_Query();
     // wp_query is a reference to wp_the_query, so both names point at the same object.
     $GLOBALS['wp_query'] =& $GLOBALS['wp_the_query'];
     $GLOBALS['wp'] = new WP();
     // Clear globals named after the registered public and private query vars.
     foreach ($GLOBALS['wp']->public_query_vars as $v) {
         unset($GLOBALS[$v]);
     }
     foreach ($GLOBALS['wp']->private_query_vars as $v) {
         unset($GLOBALS[$v]);
     }
     $GLOBALS['wp']->main($parts['query']);
 }
Example #20
 /**
  * Requires a valid auth cookie for the current request.
  *
  * Redirects wp-admin requests to HTTPS when required, returns when the auth cookie validates,
  * and otherwise redirects to the Maestrano SSO init path. Every redirect path terminates the
  * request.
  */
 function auth_redirect()
 {
     // Checks if a user is logged in, if not redirects them to the login page
     $secure = is_ssl() || force_ssl_admin();
     $secure = apply_filters('secure_auth_redirect', $secure);
     // If https is required and request is http, redirect
     if ($secure && !is_ssl() && false !== strpos($_SERVER['REQUEST_URI'], 'wp-admin')) {
         if (0 === strpos($_SERVER['REQUEST_URI'], 'http')) {
             wp_redirect(set_url_scheme($_SERVER['REQUEST_URI'], 'https'));
             exit;
         } else {
             // NOTE(review): the host is taken from the request's Host header and wp_redirect()
             // does not validate the destination host; the same pattern recurs below.
             wp_redirect('https://' . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI']);
             exit;
         }
     }
     // The user-admin screen validates against the 'logged_in' cookie; other screens use
     // whatever scheme the auth_redirect_scheme filter returns ('' by default here).
     if (is_user_admin()) {
         $scheme = 'logged_in';
     } else {
         $scheme = apply_filters('auth_redirect_scheme', '');
     }
     if ($user_id = wp_validate_auth_cookie('', $scheme)) {
         do_action('auth_redirect', $user_id);
         // If the user wants ssl but the session is not ssl, redirect.
         if (!$secure && get_user_option('use_ssl', $user_id) && false !== strpos($_SERVER['REQUEST_URI'], 'wp-admin')) {
             if (0 === strpos($_SERVER['REQUEST_URI'], 'http')) {
                 wp_redirect(set_url_scheme($_SERVER['REQUEST_URI'], 'https'));
                 exit;
             } else {
                 wp_redirect('https://' . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI']);
                 exit;
             }
         }
         return;
         // The cookie is good so we're done
     }
     // The cookie is no good so force login
     nocache_headers();
     // NOTE(review): $redirect is computed but never used; the SSO init path below is called
     // without it, so the originally requested page is not carried through this function.
     $redirect = strpos($_SERVER['REQUEST_URI'], '/options.php') && wp_get_referer() ? wp_get_referer() : set_url_scheme('http://' . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI']);
     // Change login url
     $login_url = Maestrano::sso()->getInitPath();
     wp_redirect($login_url);
     exit;
 }
 /**
  * Apply the hardening options that are enabled in this plugin's settings: file-editor
  * lockdown, version masking, forced SSL for login/admin, generator-tag removal, author
  * discovery blocking and XML-RPC disabling.
  */
 public function run()
 {
     if ($this->getIsOption('disable_file_editing', 'Y')) {
         // The constant is defined only when nothing defined it earlier; the capability filter
         // is added in either case.
         if (!defined('DISALLOW_FILE_EDIT')) {
             define('DISALLOW_FILE_EDIT', true);
         }
         add_filter('user_has_cap', array($this, 'disableFileEditing'), 0, 3);
     }
     $sWpVersionMask = $this->getOption('mask_wordpress_version');
     if (!empty($sWpVersionMask)) {
         // NOTE(review): this overwrites the global version string for everything that runs
         // afterwards, not just for output - code comparing $wp_version will see the mask.
         global $wp_version;
         $wp_version = $sWpVersionMask;
         // 			add_filter( 'bloginfo', array( $this, 'maskWordpressVersion' ), 1, 2 );
         // 			add_filter( 'bloginfo_url', array( $this, 'maskWordpressVersion' ), 1, 2 );
     }
     // The leading `false &&` makes this branch unreachable: salts are never reset from here.
     if (false && $this->getOption('action_reset_auth_salts') == 'Y') {
         add_action('init', array($this, 'resetAuthKeysSalts'), 1);
     }
     // The function_exists() guards skip each SSL setting when WordPress lacks the function.
     if ($this->getIsOption('force_ssl_login', 'Y') && function_exists('force_ssl_login')) {
         if (!defined('FORCE_SSL_LOGIN')) {
             define('FORCE_SSL_LOGIN', true);
         }
         force_ssl_login(true);
     }
     if ($this->getIsOption('force_ssl_admin', 'Y') && function_exists('force_ssl_admin')) {
         if (!defined('FORCE_SSL_ADMIN')) {
             define('FORCE_SSL_ADMIN', true);
         }
         force_ssl_admin(true);
     }
     if ($this->getIsOption('hide_wordpress_generator_tag', 'Y')) {
         remove_action('wp_head', 'wp_generator');
     }
     if ($this->getIsOption('block_author_discovery', 'Y')) {
         // jump in right before add_action( 'template_redirect', 'redirect_canonical' );
         add_action('wp', array($this, 'interceptCanonicalRedirects'), 9);
     }
     if ($this->getIsOption('disable_xmlrpc', 'Y')) {
         // Priority 1000 is meant to run after other callbacks on the same filter.
         add_filter('xmlrpc_enabled', '__return_false', 1000);
     }
 }
Example #22
 /**
  * Set required settings and register our actions
  *
  * In production this also forces SSL for the admin area and for auth redirects, and disables
  * the file editor and file modifications.
  */
 public static function bootstrap()
 {
     global $PHP_SELF;
     // Rebuild PHP_SELF from REQUEST_URI with the query string (if any) stripped.
     $_SERVER['PHP_SELF'] = $PHP_SELF = preg_replace('/(\\?.*)?$/', '', $_SERVER['REQUEST_URI']);
     add_filter('got_rewrite', '__return_true', self::LOW_PRIORITY);
     if (is_production()) {
         // Hardening applied only when is_production() reports true; other environments keep
         // the defaults for admin SSL and file editing.
         add_filter('secure_auth_redirect', '__return_true');
         force_ssl_admin(true);
         defined('DISALLOW_FILE_EDIT') or define('DISALLOW_FILE_EDIT', true);
         defined('DISALLOW_FILE_MODS') or define('DISALLOW_FILE_MODS', true);
     }
     // Defined in every environment unless something defined it earlier.
     defined('DISABLE_WP_CRON') or define('DISABLE_WP_CRON', true);
     // We don't want to use fsockopen as on App Engine it's not efficient
     add_filter('use_fsockopen_transport', '__return_false');
     // ::settings_link() takes 2 parameters
     add_filter('plugin_action_links', __CLASS__ . '::settings_link', self::NORMAL_PRIORITY, 2);
     add_action('admin_enqueue_scripts', __CLASS__ . '::register_styles');
     add_action('admin_menu', __CLASS__ . '::register_settings_page');
     add_action('admin_init', __CLASS__ . '::register_settings');
     add_action('init', __CLASS__ . '::load_textdomain');
 }
Example #23
 /**
  * Build a site URL with the scheme appropriate for the requested context.
  *
  * @param string      $path   Optional path appended to the site URL; ignored when it is not a
  *                            string or contains "..".
  * @param string|null $scheme 'http', 'https', 'login', 'login_post' or 'admin'; anything else
  *                            follows the scheme of the current request.
  *
  * @return string URL after the `site_url` filter.
  */
 function site_url($path = '', $scheme = null)
 {
     // should the list of allowed schemes be maintained elsewhere?
     $orig_scheme = $scheme;

     $is_literal_scheme = in_array($scheme, array('http', 'https'));
     if (!$is_literal_scheme) {
         // Login posts honour either SSL setting; login and admin pages only the admin one.
         $must_be_https = ('login_post' == $scheme && (force_ssl_login() || force_ssl_admin()))
             || (('login' == $scheme || 'admin' == $scheme) && force_ssl_admin());
         if ($must_be_https) {
             $scheme = 'https';
         } else {
             $scheme = is_ssl() ? 'https' : 'http';
         }
     }

     // Only an http:// prefix is rewritten; a siteurl stored as https:// is returned unchanged.
     $url = str_replace('http://', "{$scheme}://", get_option('siteurl'));

     // Paths containing ".." are dropped rather than appended.
     $path_is_usable = !empty($path) && is_string($path) && strpos($path, '..') === false;
     if ($path_is_usable) {
         $url .= '/' . ltrim($path, '/');
     }

     return apply_filters('site_url', $url, $path, $orig_scheme);
 }
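 /**
  * Handle the AJAX login request and print a JSON result.
  *
  * Credentials are read from the request by wp_signon(). The response contains `success` and
  * a translated `message`; the request is always terminated.
  *
  * NOTE(review): no nonce or referer check is visible in this method; whether one is applied
  * before it runs cannot be told from here.
  *
  * @return void
  */
 public function process_login()
 {
     do_action('popmake_alm_ajax_override_login');

     // Start from '' rather than false: wp_signon() falls back to is_ssl() only for '', so a
     // login over HTTPS gets a secure-flagged auth cookie. With false the cookie was issued
     // without the secure flag even on HTTPS.
     $secure_cookie = '';

     // If the user wants ssl but the session is not ssl, force a secure cookie.
     if (!empty($_POST['log']) && !force_ssl_admin()) {
         $user_name = sanitize_user($_POST['log']);
         $account = get_user_by('login', $user_name);
         if ($account && get_user_option('use_ssl', $account->ID)) {
             $secure_cookie = true;
             force_ssl_admin(true);
         }
     }

     $user = wp_signon('', $secure_cookie);

     // Check the results of our login and provide the needed feedback.
     // The failure message does not reveal whether the username or the password was wrong.
     if (is_wp_error($user)) {
         $response = array('success' => false, 'message' => __('Wrong Username or Password!', 'popup-maker-ajax-login-modals'));
     } else {
         $response = array('success' => true, 'message' => __('Login Successful!', 'popup-maker-ajax-login-modals'));
     }

     echo json_encode($response);
     die;
 }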
/**
 * Set the scheme for a URL.
 *
 * @param string      $url    Absolute URL that includes a scheme.
 * @param string|null $scheme 'http', 'https', 'relative', or one of the contexts 'admin',
 *                            'login', 'login_post', 'rpc'; anything else follows is_ssl().
 *
 * @return string URL with the chosen scheme, after the `set_url_scheme` filter.
 */
function set_url_scheme($url, $scheme = null)
{
    $orig_scheme = $scheme;

    $admin_contexts = array('admin', 'login', 'login_post', 'rpc');
    $literal_schemes = array('http', 'https', 'relative');

    if ($scheme && in_array($scheme, $admin_contexts, true)) {
        // Admin-type contexts are https when the request is, or when admin SSL is forced.
        $scheme = (is_ssl() || force_ssl_admin()) ? 'https' : 'http';
    } elseif (!$scheme || !in_array($scheme, $literal_schemes, true)) {
        // No scheme, or an unknown one: follow the current request.
        $scheme = is_ssl() ? 'https' : 'http';
    }

    $url = trim($url);

    // Give protocol-relative URLs a scheme so the replacements below can match.
    if (0 === strncmp($url, '//', 2)) {
        $url = 'http:' . $url;
    }

    if ('relative' === $scheme) {
        // Strip scheme and host, then collapse leading slashes and whitespace to a single "/"
        // so the result cannot start with "//" and be read as protocol-relative.
        $url = ltrim(preg_replace('#^\\w+://[^/]*#', '', $url));
        if ('' !== $url && '/' === $url[0]) {
            $url = '/' . ltrim($url, "/ \t\n\r\v");
        }
    } else {
        $url = preg_replace('#^\\w+://#', $scheme . '://', $url);
    }

    return apply_filters('set_url_scheme', $url, $scheme, $orig_scheme);
}
Example #26
/**
 * Set the scheme for a URL
 *
 * @since 3.4.0
 *
 * @param string $url    Absolute url that includes a scheme
 * @param string $scheme Optional. Scheme to give $url. One of 'http', 'https', 'login',
 *                       'login_post', 'admin', 'rpc', or 'relative'; anything else follows
 *                       the scheme of the current request.
 * @return string $url URL with chosen scheme.
 */
function set_url_scheme($url, $scheme = null)
{
    $orig_scheme = $scheme;

    $is_admin_context = $scheme === 'admin' || $scheme === 'login' || $scheme === 'login_post' || $scheme === 'rpc';
    $is_literal = $scheme === 'http' || $scheme === 'https' || $scheme === 'relative';

    if ($is_admin_context) {
        // Admin-type contexts also honour forced admin SSL.
        if (is_ssl() || force_ssl_admin()) {
            $scheme = 'https';
        } else {
            $scheme = 'http';
        }
    } elseif (!$scheme || !$is_literal) {
        // Empty or unrecognised scheme: mirror the current request.
        if (is_ssl()) {
            $scheme = 'https';
        } else {
            $scheme = 'http';
        }
    }

    $url = trim($url);
    $starts_protocol_relative = substr($url, 0, 2) === '//';
    if ($starts_protocol_relative) {
        $url = 'http:' . $url;
    }

    if ($scheme !== 'relative') {
        $url = preg_replace('#^\\w+://#', $scheme . '://', $url);
    } else {
        // Remove scheme and host; leading slashes and whitespace are then reduced to one "/"
        // so the relative result cannot begin with "//".
        $without_host = preg_replace('#^\\w+://[^/]*#', '', $url);
        $url = ltrim($without_host);
        if ($url !== '' && $url[0] === '/') {
            $url = '/' . ltrim($url, "/ \t\n\r\v");
        }
    }

    /**
     * Filter the resulting URL after setting the scheme.
     *
     * @since 3.4.0
     *
     * @param string $url         The complete URL including scheme and path.
     * @param string $scheme      Scheme applied to the URL. One of 'http', 'https', or 'relative'.
     * @param string $orig_scheme Scheme requested for the URL. One of 'http', 'https', 'login',
     *                            'login_post', 'admin', 'rpc', or 'relative'.
     */
    return apply_filters('set_url_scheme', $url, $scheme, $orig_scheme);
}
Example #27
     login_footer('user_login');
     break;
 case 'login':
 default:
     $secure_cookie = '';
     $customize_login = isset($_REQUEST['customize-login']);
     if ($customize_login) {
         wp_enqueue_script('customize-base');
     }
     // If the user wants ssl but the session is not ssl, force a secure cookie.
     if (!empty($_POST['log']) && !force_ssl_admin()) {
         $user_name = sanitize_user($_POST['log']);
         if ($user = get_user_by('login', $user_name)) {
             if (get_user_option('use_ssl', $user->ID)) {
                 $secure_cookie = true;
                 force_ssl_admin(true);
             }
         }
     }
     if (isset($_REQUEST['redirect_to'])) {
         $redirect_to = $_REQUEST['redirect_to'];
         // Redirect to https if user wants ssl
         if ($secure_cookie && false !== strpos($redirect_to, 'wp-admin')) {
             $redirect_to = preg_replace('|^http://|', 'https://', $redirect_to);
         }
     } else {
         $redirect_to = admin_url();
     }
     $reauth = empty($_REQUEST['reauth']) ? false : true;
     $user = wp_signon('', $secure_cookie);
     if (empty($_COOKIE[LOGGED_IN_COOKIE])) {
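 /**
  * Processes the request.
  *
  * Callback for "template_redirect" hook in template-loader.php.
  *
  * Takes the action from $_REQUEST['action'] (or, when none is given and
  * is_tml_page() is true, from get_page_action()), fires the 'tml_request' and
  * 'login_form_{action}' hooks, and then either hands over to a registered
  * 'tml_request_{action}' handler or runs the built-in handling for postpass,
  * logout, lostpassword/retrievepassword, resetpass/rp, register and login.
  * Several branches finish the request with a redirect followed by exit.
  *
  * Security notes:
  * - The action and instance values are passed through sanitize_key() before use.
  * - Redirect targets that come from the request ('redirect_to', the referer) go
  *   through wp_safe_redirect(); wp_redirect() is only used for site_url() URLs.
  * - Logout is guarded by check_admin_referer('log-out').
  *
  * @since 6.3
  * @access public
  */
 public function template_redirect()
 {
     $this->request_action = isset($_REQUEST['action']) ? sanitize_key($_REQUEST['action']) : '';
     if (!$this->request_action && self::is_tml_page()) {
         $this->request_action = self::get_page_action(get_the_id());
     }
     $this->request_instance = isset($_REQUEST['instance']) ? sanitize_key($_REQUEST['instance']) : 0;
     do_action_ref_array('tml_request', array(&$this));
     // allow plugins to override the default actions, and to add extra actions if they want
     do_action('login_form_' . $this->request_action);
     if (has_action('tml_request_' . $this->request_action)) {
         do_action_ref_array('tml_request_' . $this->request_action, array(&$this));
     } else {
         $http_post = 'POST' == $_SERVER['REQUEST_METHOD'];
         switch ($this->request_action) {
             case 'postpass':
                 if (!array_key_exists('post_password', $_POST)) {
                     wp_safe_redirect(wp_get_referer());
                     exit;
                 }
                 require_once ABSPATH . 'wp-includes/class-phpass.php';
                 $hasher = new PasswordHash(8, true);
                 $expire = apply_filters('post_password_expires', time() + 10 * DAY_IN_SECONDS);
                 // Fix: $referer was read below without ever being assigned, so the
                 // post-password cookie was always set without the Secure flag.
                 $referer = wp_get_referer();
                 if ($referer) {
                     $secure = 'https' === parse_url($referer, PHP_URL_SCHEME);
                 } else {
                     $secure = false;
                 }
                 // Only a hash of the submitted post password is stored in the cookie.
                 setcookie('wp-postpass_' . COOKIEHASH, $hasher->HashPassword(wp_unslash($_POST['post_password'])), $expire, COOKIEPATH, COOKIE_DOMAIN, $secure);
                 wp_safe_redirect(wp_get_referer());
                 exit;
                 break;
             case 'logout':
                 // Nonce check: a logout request without a valid 'log-out' nonce is rejected.
                 check_admin_referer('log-out');
                 $user = wp_get_current_user();
                 wp_logout();
                 if (!empty($_REQUEST['redirect_to'])) {
                     $redirect_to = $requested_redirect_to = $_REQUEST['redirect_to'];
                 } else {
                     $redirect_to = site_url('wp-login.php?loggedout=true');
                     $requested_redirect_to = '';
                 }
                 $redirect_to = apply_filters('logout_redirect', $redirect_to, $requested_redirect_to, $user);
                 // Request-supplied target: wp_safe_redirect() rather than wp_redirect().
                 wp_safe_redirect($redirect_to);
                 exit;
                 break;
             case 'lostpassword':
             case 'retrievepassword':
                 if ($http_post) {
                     $this->errors = self::retrieve_password();
                     if (!is_wp_error($this->errors)) {
                         $redirect_to = !empty($_REQUEST['redirect_to']) ? $_REQUEST['redirect_to'] : site_url('wp-login.php?checkemail=confirm');
                         wp_safe_redirect($redirect_to);
                         exit;
                     }
                 }
                 if (isset($_REQUEST['error'])) {
                     if ('invalidkey' == $_REQUEST['error']) {
                         $this->errors->add('invalidkey', __('Your password reset link appears to be invalid. Please request a new link below.', 'theme-my-login'));
                     } elseif ('expiredkey' == $_REQUEST['error']) {
                         $this->errors->add('expiredkey', __('Your password reset link has expired. Please request a new link below.', 'theme-my-login'));
                     }
                 }
                 do_action('lost_password');
                 break;
             case 'resetpass':
             case 'rp':
                 // Dirty hack for now
                 global $rp_login, $rp_key;
                 list($rp_path) = explode('?', wp_unslash($_SERVER['REQUEST_URI']));
                 $rp_cookie = 'wp-resetpass-' . COOKIEHASH;
                 // First hit with ?key=…: move login and key into a cookie scoped to this
                 // path (HttpOnly, Secure when is_ssl()) and redirect to the same URL
                 // without them, so the reset key does not stay in the address bar.
                 if (isset($_GET['key'])) {
                     $value = sprintf('%s:%s', wp_unslash($_GET['login']), wp_unslash($_GET['key']));
                     setcookie($rp_cookie, $value, 0, $rp_path, COOKIE_DOMAIN, is_ssl(), true);
                     wp_safe_redirect(remove_query_arg(array('key', 'login')));
                     exit;
                 }
                 if (isset($_COOKIE[$rp_cookie]) && 0 < strpos($_COOKIE[$rp_cookie], ':')) {
                     list($rp_login, $rp_key) = explode(':', wp_unslash($_COOKIE[$rp_cookie]), 2);
                     $user = check_password_reset_key($rp_key, $rp_login);
                     // The key posted with the form must equal the key from the cookie
                     // (compared in constant time). A missing or non-string rp_key is
                     // rejected up front instead of being handed to hash_equals().
                     if (isset($_POST['pass1']) && (!isset($_POST['rp_key']) || !is_string($_POST['rp_key']) || !hash_equals($rp_key, $_POST['rp_key']))) {
                         $user = false;
                     }
                 } else {
                     $user = false;
                 }
                 if (!$user || is_wp_error($user)) {
                     // Invalid or expired key: expire the cookie and return to the lost-password form.
                     setcookie($rp_cookie, ' ', time() - YEAR_IN_SECONDS, $rp_path, COOKIE_DOMAIN, is_ssl(), true);
                     if ($user && $user->get_error_code() === 'expired_key') {
                         wp_redirect(site_url('wp-login.php?action=lostpassword&error=expiredkey'));
                     } else {
                         wp_redirect(site_url('wp-login.php?action=lostpassword&error=invalidkey'));
                     }
                     exit;
                 }
                 // NOTE(review): loose != comparison; numeric-looking strings such as
                 // '1e3' and '1000' compare equal here. Consider !== once the form is
                 // known to always post both fields.
                 if (isset($_POST['pass1']) && $_POST['pass1'] != $_POST['pass2']) {
                     $this->errors->add('password_reset_mismatch', __('The passwords do not match.', 'theme-my-login'));
                 }
                 do_action('validate_password_reset', $this->errors, $user);
                 if (!$this->errors->get_error_code() && isset($_POST['pass1']) && !empty($_POST['pass1'])) {
                     reset_password($user, $_POST['pass1']);
                     // The key has been used: expire the cookie that carried it.
                     setcookie($rp_cookie, ' ', time() - YEAR_IN_SECONDS, $rp_path, COOKIE_DOMAIN, is_ssl(), true);
                     $redirect_to = site_url('wp-login.php?resetpass=complete');
                     wp_safe_redirect($redirect_to);
                     exit;
                 }
                 wp_enqueue_script('utils');
                 wp_enqueue_script('user-profile');
                 break;
             case 'register':
                 if (!get_option('users_can_register')) {
                     $redirect_to = site_url('wp-login.php?registration=disabled');
                     wp_redirect($redirect_to);
                     exit;
                 }
                 $user_login = '';
                 $user_email = '';
                 if ($http_post) {
                     // With login_type 'email' the e-mail address doubles as the user name.
                     if ('email' == $this->get_option('login_type')) {
                         $user_login = isset($_POST['user_email']) ? $_POST['user_email'] : '';
                     } else {
                         $user_login = isset($_POST['user_login']) ? $_POST['user_login'] : '';
                     }
                     $user_email = isset($_POST['user_email']) ? $_POST['user_email'] : '';
                     $this->errors = register_new_user($user_login, $user_email);
                     if (!is_wp_error($this->errors)) {
                         $redirect_to = !empty($_POST['redirect_to']) ? $_POST['redirect_to'] : site_url('wp-login.php?checkemail=registered');
                         wp_safe_redirect($redirect_to);
                         exit;
                     }
                 }
                 break;
             case 'login':
             default:
                 $secure_cookie = '';
                 $interim_login = isset($_REQUEST['interim-login']);
                 // If the user wants ssl but the session is not ssl, force a secure cookie.
                 if (!empty($_POST['log']) && !force_ssl_admin()) {
                     $user_name = sanitize_user($_POST['log']);
                     if ($user = get_user_by('login', $user_name)) {
                         if (get_user_option('use_ssl', $user->ID)) {
                             $secure_cookie = true;
                             force_ssl_admin(true);
                         }
                     }
                 }
                 if (!empty($_REQUEST['redirect_to'])) {
                     $redirect_to = $_REQUEST['redirect_to'];
                     // Redirect to https if user wants ssl
                     if ($secure_cookie && false !== strpos($redirect_to, 'wp-admin')) {
                         $redirect_to = preg_replace('|^http://|', 'https://', $redirect_to);
                     }
                 } else {
                     $redirect_to = admin_url();
                 }
                 $reauth = empty($_REQUEST['reauth']) ? false : true;
                 // Credentials are only processed on a POST that carries the 'log' field.
                 if ($http_post && isset($_POST['log'])) {
                     $user = wp_signon('', $secure_cookie);
                     $redirect_to = apply_filters('login_redirect', $redirect_to, isset($_REQUEST['redirect_to']) ? $_REQUEST['redirect_to'] : '', $user);
                     if (!is_wp_error($user) && !$reauth) {
                         if (empty($redirect_to) || $redirect_to == 'wp-admin/' || $redirect_to == admin_url()) {
                             // If the user doesn't belong to a blog, send them to user admin. If the user can't edit posts, send them to their profile.
                             if (is_multisite() && !get_active_blog_for_user($user->ID) && !is_super_admin($user->ID)) {
                                 $redirect_to = user_admin_url();
                             } elseif (is_multisite() && !$user->has_cap('read')) {
                                 $redirect_to = get_dashboard_url($user->ID);
                             } elseif (!$user->has_cap('edit_posts')) {
                                 $redirect_to = $user->has_cap('read') ? admin_url('profile.php') : home_url();
                             }
                         }
                         // The target may be request- or filter-supplied, hence wp_safe_redirect().
                         wp_safe_redirect($redirect_to);
                         exit;
                     }
                     $this->errors = $user;
                 }
                 // Clear errors if loggedout is set.
                 if (!empty($_GET['loggedout']) || $reauth) {
                     $this->errors = new WP_Error();
                 }
                 // Some parts of this script use the main login form to display a message
                 if (isset($_GET['loggedout']) && true == $_GET['loggedout']) {
                     $this->errors->add('loggedout', __('You are now logged out.', 'theme-my-login'), 'message');
                 } elseif (isset($_GET['registration']) && 'disabled' == $_GET['registration']) {
                     $this->errors->add('registerdisabled', __('User registration is currently not allowed.', 'theme-my-login'));
                 } elseif (isset($_GET['checkemail']) && 'confirm' == $_GET['checkemail']) {
                     $this->errors->add('confirm', __('Check your e-mail for the confirmation link.', 'theme-my-login'), 'message');
                 } elseif (isset($_GET['resetpass']) && 'complete' == $_GET['resetpass']) {
                     $this->errors->add('password_reset', __('Your password has been reset.', 'theme-my-login'), 'message');
                 } elseif (isset($_GET['checkemail']) && 'registered' == $_GET['checkemail']) {
                     $this->errors->add('registered', __('Registration complete. Please check your e-mail.', 'theme-my-login'), 'message');
                 } elseif ($interim_login) {
                     $this->errors->add('expired', __('Your session has expired. Please log-in again.', 'theme-my-login'), 'message');
                 } elseif (strpos($redirect_to, 'about.php?updated')) {
                     $this->errors->add('updated', __('<strong>You have successfully updated WordPress!</strong> Please log back in to experience the awesomeness.', 'theme-my-login'), 'message');
                 } elseif ($reauth) {
                     $this->errors->add('reauth', __('Please log in to continue.', 'theme-my-login'), 'message');
                 }
                 // Clear any stale cookies.
                 if ($reauth) {
                     wp_clear_auth_cookie();
                 }
                 break;
         }
         // end switch
     }
     // endif has_filter()
 }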
Example #29
/**
 * Whether SSL login should be forced.
 *
 * This is a plain alias: the argument is handed to force_ssl_admin() unchanged
 * and that function's result is returned, so in this code the login setting and
 * the admin setting are one and the same value.
 *
 * @since 2.6.0
 *
 * @see force_ssl_admin()
 *
 * @param string|bool $force Optional Whether to force SSL login. Default null.
 * @return bool Whatever force_ssl_admin() returns for $force.
 */
function force_ssl_login($force = null)
{
    $forced = force_ssl_admin($force);

    return $forced;
}
Example #30
 /**
  * Checks if a user is logged in, if not it redirects them to the login page.
  *
  * Flow, as implemented below:
  *  1. If a secure redirect is required (SSL request, force_ssl_admin(), or the
  *     'secure_auth_redirect' filter) and a wp-admin URL was requested over
  *     plain http, redirect to its https form and exit.
  *  2. If the auth cookie validates, fire 'auth_redirect'; when the user has the
  *     'use_ssl' option and step 1 did not demand https, redirect wp-admin
  *     requests to https, otherwise return and let the request continue.
  *  3. Otherwise send no-cache headers and redirect to the login URL, passing
  *     the page to come back to, and exit.
  *
  * NOTE(review): the https targets and the return URL are assembled from
  * $_SERVER['HTTP_HOST'] and $_SERVER['REQUEST_URI'] and sent with wp_redirect(),
  * not wp_safe_redirect(); this assumes the web server only routes expected Host
  * values to this site - confirm for the deployment.
  *
  * @since 1.5.0
  */
 function auth_redirect()
 {
     /**
      * Filter whether to use a secure authentication redirect.
      *
      * @since 3.1.0
      *
      * @param bool $secure Whether to use a secure authentication redirect. Default false.
      */
     $secure = apply_filters('secure_auth_redirect', is_ssl() || force_ssl_admin());

     // https is required but this admin request arrived over http: switch scheme.
     if ($secure && !is_ssl() && false !== strpos($_SERVER['REQUEST_URI'], 'wp-admin')) {
         // REQUEST_URI can itself be an absolute URL; only then is the scheme swapped in place.
         $https_url = (0 === strpos($_SERVER['REQUEST_URI'], 'http'))
             ? set_url_scheme($_SERVER['REQUEST_URI'], 'https')
             : 'https://' . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI'];
         wp_redirect($https_url);
         exit;
     }

     /**
      * Filter the authentication redirect scheme (not consulted in the user admin).
      *
      * @since 2.9.0
      *
      * @param string $scheme Authentication redirect scheme. Default empty.
      */
     $scheme = is_user_admin() ? 'logged_in' : apply_filters('auth_redirect_scheme', '');

     $user_id = wp_validate_auth_cookie('', $scheme);
     if ($user_id) {
         /**
          * Fires before the authentication redirect.
          *
          * @since 2.8.0
          *
          * @param int $user_id User ID.
          */
         do_action('auth_redirect', $user_id);

         // The user opted into SSL but this admin request is not treated as secure.
         $upgrade_to_https = !$secure
             && get_user_option('use_ssl', $user_id)
             && false !== strpos($_SERVER['REQUEST_URI'], 'wp-admin');
         if ($upgrade_to_https) {
             $https_url = (0 === strpos($_SERVER['REQUEST_URI'], 'http'))
                 ? set_url_scheme($_SERVER['REQUEST_URI'], 'https')
                 : 'https://' . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI'];
             wp_redirect($https_url);
             exit;
         }

         // Valid cookie, nothing more to do.
         return;
     }

     // No valid cookie: make sure the response is not cached and go to the login form.
     nocache_headers();
     if (strpos($_SERVER['REQUEST_URI'], '/options.php') && wp_get_referer()) {
         // For options.php, return to the referring page rather than to options.php itself.
         $redirect = wp_get_referer();
     } else {
         $redirect = set_url_scheme('http://' . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI']);
     }
     wp_redirect(wp_login_url($redirect, true));
     exit;
 }